Is Your Password Still “123456”? If So, It’s Time for a Change

If you or your co-workers use any of the passwords listed below, you are asking to be hacked.  According to a report from the consulting firm Imperva, this list reflects an analysis of some 32 million passwords that an unknown hacker stole in December 2009 from RockYou, a company that makes software for users of social networking sites.  Somewhat shockingly, the password “123456” was used by nearly 1% of all RockYou users; the “top 20” RockYou passwords are reproduced below:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123
  11. Nicole
  12. Daniel
  13. babygirl
  14. monkey
  15. Jessica
  16. Lovely
  17. michael
  18. Ashley
  19. 654321
  20. Qwerty

Hackers around the world now have this list of 32 million passwords and are using it to make brute force attacks on accounts and networks.  How can you defend yourself?  Change and toughen your passwords, lengthening them and adding a mix of letters and numbers.  If you are trying to defend your company’s network, you need to adopt and enforce more rigorous password policies.  Tougher passwords will not make you or your networks hack-proof, but they will put you ahead of the thousands of people who still use “123456.”

One thought on “Is Your Password Still “123456”? If So, It’s Time for a Change

  1. Pingback: One More New Year’s Resolution: Change Your Passwords Before Groundhog Day | Security, Privacy and the Law

Leave a Reply

Your email address will not be published. Required fields are marked *